3 matches found
CVE-2015-0934
Common LaTeX Service Interface CLSI before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via backtick characters in a filename...
CVE-2015-0934
CVE-2015-0934 affects ShareLaTeX via CLSI before 0.1.3. The vulnerability arises from backtick characters in filenames, allowing remote authenticated users to execute arbitrary commands on the server (command injection). CLSI 0.1.3 fixes the issue and is included in ShareLaTeX 0.1.3; upgrade to t...
ShareLaTeX vulnerable to remote command execution and information disclosure
Overview ShareLaTeX is a server-based software allowing group collaboration on LaTeX documents. ShareLaTeX prior to version 0.1.3 has been found to be vulnerable to command injections and information disclosure. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path...